Cross-certificate method and device for electric vehicle charging

ABSTRACT

A cross-certificate method is performed by an electric vehicle (EV) for being supplied with power from electric vehicle supply equipment (EVSE) associated with a charging point operator (CPO) having established a trust relationship with a first vehicle to grid (V2G) root certificate authority (rootCA) and a second V2G root certificate authority. The cross-certificate method may include steps of: requesting charging from the electric vehicle supply equipment; receiving, from the electric vehicle supply equipment, a certificate chain held by the electric vehicle supply equipment; and verifying whether or not a last certificate of the certificate chain has been signed by the second V2G root certificate authority, wherein the last certificate of the certificate chain can be a cross-certificate issued by the second V2G root certificate authority.

BACKGROUND (a) Technical Field

The present disclosure relates to a cross certification method andapparatus, more particularly, to the cross certification method andapparatus for use in an electric vehicle charging and a power transfermethod using cross certification.

(b) Description of the Related Art

An electric vehicle (EV) is driven by an electric motor by power storedin a battery, and produces less pollution such as exhaust gas and noisecompared with a conventional gasoline engine vehicle, fewer faults, alonger life span, and advantageously, operation of the EV is simplified.

Typically EVs are classified into hybrid electric vehicles (HEVs),plug-in hybrid electric vehicles (PHEVs), and electric vehicles (EVs),based on a driving source. The HEV has an engine as a main power sourceand a motor as an auxiliary power source. The PHEV has a main powermotor and an engine used when a battery is discharged. The EV has amotor, but the EV does not have an engine.

An electric vehicle charging system may be defined as a system thatcharges a battery mounted in an electric vehicle using power obtainedfrom a commercial power grid or stored in an energy storage device. Suchan electric vehicle charging system may have various forms depending ona type of the electric vehicle. For example, the electric vehiclecharging system may include a conductive charging system using a cableor a non-contact wireless power transfer system.

In this regard, an eMobility service is a business segment that providesa service of supplying electricity to an EV user who owns or drives theEV or an organization that owns and operates the EVs for their ownbusiness such as transportations, logistics, or rental services. Atypical eMobility service provider executes a contract with the EV userincluding the organizations mentioned above and bills for theelectricity based on the amount of the electricity used for the chargingor the other billing criteria. From a business point of view, it isimportant to authenticate the EV user when the EV is charged becauserevenue of the eMobility service provider will be at risk if there is noadequate manner of authenticating the EV user. Further, the entirecharging infrastructure and the power grid located behind the charginginfrastructure are vulnerable to malicious attempts by an unauthorizedgroup exploiting the security vulnerabilities for a political orfinancial motive or for a sense of fulfillment.

SUMMARY

To solve the problems above, provided is a cross certification methodperformed by an electric vehicle.

Provided is a power transfer method performed by a charge pointoperator.

Provided is a cross certification apparatus for an electric vehicleusing the cross certification method.

According to an aspect of an exemplary embodiment, provided is a crosscertification method performed by an electric vehicle (EV) for beingsupplied with electric power from an electric vehicle supply equipment(EVSE) associated with a charge point operator (CPO) having establisheda trust relationship with a first vehicle-to-grid (V2G) root certificateauthority (CA) and trusts a second V2G root CA. The cross certificationmethod includes: requesting charging from the EVSE; receiving, from theEVSE, a certificate chain maintained by the EVSE; and verifying that alast certificate in the certificate chain has been signed by the secondV2G root CA.

The last certificate in the certificate chain may be a cross certificateissued by the second V2G root CA.

A public key in the cross certificate may coincide with a public keycorresponding to a private key used to issue a last certificateexcluding the cross certificate in the certificate chain.

The last certificate excluding the cross certificate in the certificatechain may have been issued by the first V2G root CA or the CPO.

The second V2G root CA may directly issue the cross certificate for thefirst V2G root CA by itself.

The second V2G root CA may issue the cross certificate for the first V2Groot CA via a cross certification intermediating device.

The expiration date of the cross certificate may be set beforeexpiration dates of a first V2G root certificate and a second V2G rootcertificate whichever is earlier.

A public key and an identification (ID) in a certificate issued by thefirst V2G root CA may be signed by using a private key corresponding tothe cross certificate.

A public key and an identification (ID) in a CPO subordinate CAcertificate may be signed by using a private key corresponding to thecross certificate.

According to another aspect of an exemplary embodiment, provided is apower transfer method performed by an electric vehicle supply equipment(EVSE) associated with a charge point operator (CPO) having establisheda trust relationship with a first vehicle-to-grid (V2G) root certificateauthority (CA). The power transfer method includes: receiving a chargingrequest from an electric vehicle (EV) trusting a second V2G root CA;providing a certificate chain maintained by the EVSE to the EV inresponse to the charging request; receiving a verification result forthe certificate chain from the EV; and supplying electric power to theEV depending on the verification result.

A last certificate in the certificate chain may be a cross certificateissued by the second V2G root CA.

A public key in the cross certificate may coincide with a public keycorresponding to a private key used to issue a last certificateexcluding the cross certificate in the certificate chain.

The last certificate excluding the cross certificate in the certificatechain may have been issued by the first V2G root CA or the CPO.

The second V2G root CA may directly issue the cross certificate for thefirst V2G root CA by itself.

The second V2G root CA may issue the cross certificate for the first V2Groot CA via a cross certification intermediating device.

The certificate chain may be sent to the EV in a ServerHello messageduring a transport layer security (TLS) handshake operation.

A public key and an identification (ID) in a certificate issued by thefirst V2G root CA may be signed by using a private key corresponding tothe cross certificate.

A public key and an identification (ID) in a CPO subordinate CAcertificate may been signed by using a private key corresponding to thecross certificate.

According to yet another aspect of an exemplary embodiment, provided isa cross certification apparatus of an electric vehicle (EV) for beingsupplied with electric power from an electric vehicle supply equipment(EVSE) associated with a charge point operator (CPO) having establisheda trust relationship with a first vehicle-to-grid (V2G) root certificateauthority (CA) and trusts a second V2G root CA. The cross certificationapparatus includes: a processor; and a memory storing at least oneinstruction to be executed by the processor. The at least oneinstruction, when executed by the processor, causes the processor to:request charging from the EVSE; receive, from the EVSE, a certificatechain maintained by the EVSE; and verify that a last certificate in thecertificate chain has been signed by the second V2G root CA.

The last certificate in the certificate chain may be a cross certificateissued by the second V2G root CA.

A public key in the cross certificate may coincide with a public keycorresponding to a private key used to issue a last certificateexcluding the cross certificate in the certificate chain.

The last certificate excluding the cross certificate in the certificatechain may have been issued by the first V2G root CA or the CPO.

The second V2G root CA may directly issue the cross certificate for thefirst V2G root CA by itself.

The second V2G root CA may issue the cross certificate for the first V2Groot CA via a cross certification intermediating device.

The cross certification method of the present disclosure enables tomanage the trusts flexibly in the EV charging network or system.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a conceptual diagram illustrating an EV conductive chargingsystem to which an exemplary embodiment of the present disclosure may beapplied;

FIG. 2 is a conceptual diagram illustrating a wireless power transfer(WPT) system to which an exemplary embodiment of the present disclosuremay be applied;

FIG. 3 illustrates an overview of a certificate structure in an electricvehicle charging system to which the present disclosure may be applied;

FIGS. 4A and 4B illustrate a concept of a cross certification betweenV2G root certification authorities (CAs) according to an exemplaryembodiment of the present disclosure;

FIG. 5 illustrates a concept of a cross certification between a V2G rootCA and an OEM root CA according to another exemplary embodiment of thepresent disclosure;

FIG. 6 illustrates a cross certification method between the V2G root CAsaccording to an exemplary embodiment of the present disclosure;

FIG. 7 illustrates a certificate verification procedure in a systemadopting the cross certification between the V2G operators according toan exemplary embodiment of the present disclosure;

FIGS. 8A and 8B show the cross certification method between the V2Goperators according to another embodiment of the present disclosure;

FIGS. 9A and 9B illustrate a concept of a cross certification using abridge CA according to another embodiment of the present disclosure;

FIG. 10 is a flowchart showing the cross certification method for EVcharging according to an exemplary embodiment of the present disclosure;

FIG. 11 is a flowchart showing a power transfer method according to anexemplary embodiment of the present disclosure; and

FIG. 12 is a block diagram of a cross certification apparatus accordingto an exemplary embodiment of the present disclosure.

DETAILED DESCRIPTION

For a more clear understanding of the features and advantages of thepresent disclosure, exemplary embodiments of the present disclosure willbe described in detail with reference to the accompanied drawings.However, it should be understood that the present disclosure is notlimited to particular embodiments and includes all modifications,equivalents, and alternatives falling within the idea and scope of thepresent disclosure. In describing each drawing, similar referencenumerals have been used for similar components.

The terminologies including ordinals such as “first” and “second”designated for explaining various components in this specification areused to discriminate a component from the other ones but are notintended to be limiting to a specific component. For example, a secondcomponent may be referred to as a first component and, similarly, afirst component may also be referred to as a second component withoutdeparting from the scope of the present disclosure.

When a component is referred to as being “connected” or “coupled” toanother component, the component may be directly connected or coupledlogically or physically to the other component or indirectly through anobject therebetween. In contrast, when a component is referred to asbeing “directly connected” or “directly coupled” to another component,it is to be understood that there is no intervening object between thecomponents.

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of the disclosure.As used herein, the singular forms “a,” “an” and “the” are intended toinclude the plural forms as well, unless the context clearly indicatesotherwise. It will be further understood that the terms “comprises”and/or “comprising,” when used in this specification, specify thepresence of stated features, integers, steps, operations, elements,and/or components, but do not preclude the presence or addition of oneor more other features, integers, steps, operations, elements,components, and/or groups thereof.

Unless defined otherwise, all terms used herein, including technical orscientific terms, have the same meaning as commonly understood by thoseof ordinary skill in the art to which the present disclosure pertains.Terms such as those defined in a commonly used dictionary should beinterpreted as having meanings consistent with meanings in the contextof related technologies and should not be interpreted as having ideal orexcessively formal meanings unless explicitly defined in the presentapplication.

Terms used in the present disclosure are defined as follows.

“Electric Vehicle (EV)”: An automobile, as defined in 49 CFR 523.3,intended for highway use, powered by an electric motor that drawscurrent from an on-vehicle energy storage device, such as a battery,which is rechargeable from an off-vehicle source, such as residential orpublic electric service or an on-vehicle fuel powered generator. The EVmay be a four or more wheeled vehicle manufactured for use primarily onpublic streets or roads.

The EV may include an electric vehicle, an electric automobile, anelectric road vehicle (ERV), a plug-in vehicle (PV), a plug-in vehicle(xEV), etc., and the xEV may be classified into a plug-in all-electricvehicle (BEV), a battery electric vehicle, a plug-in electric vehicle(PEV), a hybrid electric vehicle (HEV), a hybrid plug-in electricvehicle (HPEV), a plug-in hybrid electric vehicle (PHEV), etc.

“Plug-in Electric Vehicle (PEV)”: An Electric Vehicle that recharges theon-vehicle primary battery by connecting to the power grid.

“Plug-in Vehicle (PV)”: An electric vehicle rechargeable throughwireless charging from an electric vehicle supply equipment (EVSE)without using a physical plug or a physical socket.

“Heavy duty vehicle (H.D. Vehicle)”: Any four-or more wheeled vehicledefined in 49 CFR 523.6 or 49 CFR 37.3 (bus).

“Light duty plug-in electric vehicle”: A three or four-wheeled vehiclepropelled by an electric motor drawing current from a rechargeablestorage battery or other energy devices for use primarily on publicstreets, roads, and highways and rated at less than 4,545 kg grossvehicle weight.

“Wireless power charging system (WCS)”: A system for wireless powertransfer and control of interactions including operations for analignment and communications between a ground assembly (GA) and avehicle assembly (VA).

“Wireless power transfer (WPT)”: A transfer of electric power between apower source such as a utility, the power grid, an energy storagedevice, a fuel cell generator and the EV through a contactless channelsuch as electromagnetic induction and resonance.

“Utility”: A set of systems which supply electrical energy and include acustomer information system (CIS), an advanced metering infrastructure(AMI), rates and revenue system, etc. The utility may provide an EV withenergy through rates table and discrete events. Also, the utility mayprovide information related to certification on EVs, interval of powerconsumption measurements, and tariff.

“Smart charging”: A system in which EVSE and/or PEV communicate withpower grid to optimize charging ratio or discharging ratio of EV byreflecting capacity of the power grid or expense of use.

“Automatic charging”: A procedure in which inductive charging isautomatically performed after a vehicle is located in a proper positioncorresponding to a primary charger assembly capable of transferringpower. The automatic charging may be performed after obtaining necessaryauthentication and access.

“Interoperability”: A state in which components of a system interworkwith corresponding components of the system to perform operations aimedby the system. Additionally, information interoperability may refer tocapability that two or more networks, systems, devices, applications, orcomponents may efficiently share and easily use information withoutcausing inconvenience to users.

“Inductive charging system”: A system transferring energy from a powersource to an EV via a two-part gapped core transformer in which the twohalves of the transformer, i.e., primary and secondary coils, arephysically separated from one another. In the present disclosure, theinductive charging system may correspond to an EV power transfer system.

“Inductive coupler”: A transformer formed by the coil in a groundassembly (GA) coil and the coil in a vehicle assembly (VA) coil thatallows power to be transferred with galvanic isolation.

“Inductive coupling”: A magnetic coupling between two coils. One of thetwo coils may refer to the ground assembly (GA) coil, and the other oneof the two coils may refer to the vehicle assembly (VA) coil.

“Ground assembly (GA)”: An assembly on the ground or infrastructure sideincluding the GA coil, a power/frequency conversion unit, and GAcontroller as well as the wiring from the grid and between each unit,filtering circuits, housing(s) etc., necessary to function as the powersource of wireless power charging system. The GA may include componentssuitable for controlling impedances and resonant frequencies includingferrites and electromagnetic shielding materials for enhancing magneticflus paths.

“Vehicle assembly (VA)”: An assembly within the vehicle including the VAcoil, rectifier/power conversion unit and VA controller as well as thewiring to the vehicle batteries and between each unit, filteringcircuits, housing(s), etc., necessary to function as the vehicle part ofa wireless power charging system. The VA may include components suitablefor controlling impedances and resonant frequencies including ferritesand electromagnetic shielding materials for enhancing magnetic fluspaths.

The GA may be referred to as a supply device, a primary device, and soon, and the VA may be referred to as an EV device, a secondary device,and so on.

“Primary device”: An apparatus which provides a contactless coupling tothe secondary device. In other words, the primary device may be anapparatus extraneous to an EV. When the EV is receiving power, theprimary device may act as a source of the transferred power. The primarydevice may include the housing and all covers.

“Secondary device”: An apparatus mounted within the EV which providesthe contactless coupling to the primary device. In other words, thesecondary device may be installed within the EV. When the EV isreceiving power, the secondary device may transfer the power from theprimary to the EV. The secondary device may include the housing and allcovers.

“GA controller”: A portion of the GA which regulates the output powerlevel to the GA coil based on information from the vehicle.

“VA controller”: A portion of the VA which monitors certain in-vehicleparameters during charging and initiates communication with the GA toadjust an output power level.

The GA controller may be referred to as a primary device communicationcontroller (PDCC), and the VA controller may be referred to as anelectric vehicle communication controller (EVCC).

“Magnetic gap”: A vertical distance between the plane of the higher ofthe top of the litz wire or the top of the magnetic material in the GAcoil to the plane of the lower of the bottom of the litz wire or themagnetic material in the VA coil when aligned.

“Ambient temperature”: A ground-level temperature of the air measured atthe subsystem under consideration and not in direct sun light.

“Vehicle ground clearance”: A vertical distance between the groundsurface and the lowest part of the vehicle floor pan.

“Vehicle magnetic ground clearance”: A vertical distance between theplane of the lower of the bottom of the litz wire or the magneticmaterial in the VA Coil mounted within a vehicle to the ground surface.

“VA Coil magnetic surface distance”: A distance between the plane of thenearest magnetic or conducting component surface to the lower exteriorsurface of the VA coil when mounted. This distance includes anyprotective coverings and additional items that may be packaged in the VACoil enclosure.

The VA coil may be referred to as a secondary coil, a vehicle coil, or areceive coil. Similarly, the GA coil may be referred to as a primarycoil, or a transmit coil.

“Exposed conductive component”: A conductive component of electricalequipment (e.g. an electric vehicle) that may be touched and which isnot normally energized but which may become energized in case of afault.

“Hazardous live component”: A live component, which under certainconditions may output a harmful electric shock.

“Live component”: Any conductor or conductive component intended to beelectrically energized in normal use.

“Direct contact”: A contact of persons with live components. (See IEC61440)

“Indirect contact”: A contact of persons with exposed, conductive, andenergized components made live by an insulation failure. (See IEC 61140)

“Alignment”: A process of detecting a relative position of primarydevice to secondary device and/or detecting the relative position ofsecondary device to primary device for the efficient power transfer thatis specified. In the present disclosure, the alignment may direct to afine positioning of the wireless power transfer system.

“Pairing”: A process by which a vehicle is correlated with the uniquededicated primary device, at which it is located and from which thepower will be transferred. Pairing may include the process by which a VAcontroller and a GA controller of a charging spot are correlated. Thecorrelation/association process may include the process of establishinga relationship between two peer communication entities.

“High level communication (HLC)”: A particular type of digitalcommunication. The HLC is necessary for additional services which arenot covered by command & control communication. The data link of the HLCmay use a power line communication (PLC), but it is not limited.

“Low power excitation (LPE)”: A technique of activating the primarydevice for the fine positioning and pairing to allow the EV to detectthe primary device, and vice versa.

“Service set identifier (SSID)”: A unique identifier consisting of32-characters attached to a header of a packet transmitted on a wirelessLAN. The SSID identifies the basic service set (BSS) to which thewireless device attempts to connect. The SSID distinguishes multiplewireless LANs. Therefore, all access points (APs) and allterminal/station devices that want to use a specific wireless LAN mayuse the same SSID. Devices that do not use a unique SSID are not able tojoin the BSS. Since the SSID is shown as plain text, it may not provideany security features to the network.

“Extended service set identifier (ESSID)”: A name of a network to whichone desires to connect. It is similar to SSID but may be a more extendedconcept.

“Basic service set identifier (BSSID)”: The BSSID typically consists of48 bits and is used to distinguish a specific BSS. In the case of aninfrastructure BSS network, the BSSID may be a medium access control(MAC) of the AP equipment. For an independent BSS or ad hoc network, theBSSID may be generated with any value.

A charging station may include at least one GA and at least one GAcontroller configured to manage the at least one GA. The GA may includeat least one wireless communication device. The charging station mayrefer to a location having at least one GA, which is installed in home,office, public place, road, parking area, etc.

Hereinbelow, exemplary embodiments of the present disclosure will bedescribed in detail with reference to the accompanying drawings.

FIG. 1 is a conceptual diagram illustrating an EV conductive chargingsystem to which an exemplary embodiment of the present disclosure may beapplied.

As shown in FIG. 1, the EV conductive charging may be performed based onan interworking of an EV charging cable 30, an EV 10, and a power outlet40 installed in an existing building or charging stand.

The EV 10 may be generally defined as an automobile that supplies anelectric current from a rechargeable energy storage device such as abattery mounted on the EV 10 as an energy source of an electric motor.

The EV 10 may be a hybrid electric vehicle (HEV) having an electricmotor as well as an internal combustion engine. Also, the EV 10 may benot only an automobile but also a motorcycle, a cart, a scooter, or anelectric bicycle.

Further, the EV 10 according to the present disclosure may include aninlet for the conductive charging of its battery. Here, the EV 10 ofwhich battery may be conductively charged may be referred to as aplug-in electric vehicle (PEV) as defined above.

The inlet provided in the EV 10 according to the present disclosure maysupport a slow charging or a rapid charging. Here, the EV 10 may includeeither a single inlet that supports both of the slow charging and therapid charging through a single plug connection, or inlets thatrespectively support the slow charging and the rapid charging.

In addition, the EV 10 according to the present disclosure may furtherinclude an on-board charger (OBC) to support the slow charging by analternating current (AC) power supplied from a general power system. TheOBC may boost a level of the AC power supplied from the general powersystem and convert into a direct current (DC) power to supply the DCpower to the battery of the EV 10 during the course of the slowcharging. Accordingly, in case the AC power for the slow charging issupplied to the inlet of the EV 10, the slow charging may be performedthrough the OBC. In contrast, in case the DC power for the rapidcharging is supplied to the inlet of the EV 10, the rapid charging maybe performed without an intervention of the OBC.

The EV charging cable 30 may include at least one of a charging plug 31connected to the inlet of the EV 10, an outlet plug 33 connected to theoutlet 40, or an in-cable control box (ICCB) 32.

The charging plug 11 may be a connection part that can be electricallyconnected to the inlet of the EV 10. The ICCB 12 may communicate withthe EV 10 to receive status information of the EV or to control theelectric power charging of the EV 10.

Although the ICCB 12 is illustrated as being included in the EV chargingcable 10, the ICCB 12 may be mounted in a place other than the EVcharging cable 10 or may be combined with an SECC described below orreplaced by the SECC.

The outlet plug 13, which is suitable for being connected to the outletof the charging stand to receive the power, may be an electricalconnection member such as a general plug or a cord set.

The electric power outlet 30 may refer to an outlet installed at variousplaces such as a parking lot attached to a house of an owner of the EV10, a parking area for charging an EV at a gas station, or a parkingarea at a shopping center or an office building, for example.

In addition, a device referred to as a supply equipment communicationscontroller (SECC) may be installed in a building or place (e.g., acharging stand) where the outlet 30 is installed to control a chargingprocedure by communicating with one of the components of the ICCB 12 orthe EV 10 (e.g., electric vehicle communications controller (EVCC)).

The SECC may communicate with a power grid, an infrastructure managementsystem that manages the power grid, a management server (hereinbelow,referred to as ‘server’) of the building in which the outlet 30 isinstalled, or an infrastructure server through wired or wirelesscommunications.

The power outlet 40 may supply the AC power of the power system as itis. For example, the power outlet 40 may supply the AC powercorresponding to at least one of single-phase two-wire (1P2W) system ora three-phase four-wire (3P4W) system.

The EV charging cable 30 may support the slow charging and supply theelectric power for the slow charging to the EV 10. The electric powersupplied to the EV 10 for the slow charging may be in a range of 3.3 to7.7 kWh.

The EV charging cable 30 may support the rapid charging and supply theelectric power for the rapid charging to the EV 10. The electric powersupplied to the EV 10 for the rapid charging may be in a range of 50 to100 kWh.

FIG. 2 is a conceptual diagram illustrating a concept of a wirelesspower transfer (WPT) to which an exemplary embodiment of the presentdisclosure may be applied.

As shown in FIG. 2, a WPT may be performed by at least one component ofan electric vehicle (EV) 10 and a charging station 20 and may be usedfor transferring power to the EV 10 without any wire.

Particularly, the EV 10 may be usually defined as a vehicle thatsupplies an electric power stored in the rechargeable energy storageincluding a battery 12 to an electric motor in a power train system ofthe EV 10.

The EV 10 according to an exemplary embodiment of the present disclosuremay include a hybrid electric vehicle (HEV) having an electric motor aswell as an internal combustion engine, and may include not only anautomobile but also a motorcycle, a cart, a scooter, and an electricbicycle.

The EV 10 may include a power reception pad 11 that has a reception coilsuitable for receiving the electric power for charging the battery 12wirelessly or and may include a plug receptacle suitable for receivingthe electric power for conductively charging the battery 12. Inparticular, the EV 10 configured for conductively charging the battery12 may be referred to as a plug-in electric vehicle (PEV).

The charging station 20 may be connected to the power grid 50 or a powerbackbone, and may provide the AC power to a power transmission pad 21having a transmission coil via a power link.

The charging station 20 may communicate with the power grid 50, or theinfrastructure management system or an infrastructure server thatmanages the power grid, and may be configured to perform wirelesscommunications with the EV 10.

The wireless communications may be performed through Bluetooth, Zigbee,cellular, wireless local area network (WLAN), or the like.

Additionally, the charging station 20 may be located at various placesincluding a parking area attached to the owner's house of the EV 10, aparking area for charging an EV at a gas station or the like, a parkingarea at a shopping center or a workplace, but is not limited thereto.

The wireless power transfer to the battery 12 of the EV 10 may beperformed as follows. First, the power reception pad 11 of the EV 10 isdisposed in an energy field generated by the power transmission pad 21.Then the reception coil in the power reception pad 21 and thetransmission coil in the power transmission pad 11 are coupled to andinteracts each other. An electromotive force may be induced in the powerreception pad 11 as a result of the coupling or the interaction, and thebattery 12 may be charged by the induced electromotive force.

The charging station 20 and the power transmission pad 21 as a whole orin part may be referred to as the ground assembly (GA), of which meaningand function were defined above.

Also, all or part of the power reception pad 11 and other internalcomponents of the EV 10 may be referred to as the vehicle assembly (VA),of which meaning and function were defined above.

The power transmission pad or the power reception pad may be configuredto be non-polarized or polarized.

In case the pad is non-polarized, there is one pole in a center of thepad and an opposite pole around an external periphery of the pad. Themagnetic flux may be formed to exit from the center of the pad andreturn to external boundaries of the pad.

In case the pad is polarized, the pad may have respective poles atopposite end portions of the pad. The magnetic flux may be formed basedaccording to an orientation of the pad.

Meanwhile, according to ISO 15118 which is a communication standarddocument for the electric vehicle charging, the EV and an electricvehicle supply equipment (EVSE) control the entire charging process byexchanging messages. In detail, the electric vehicle communicationscontroller (EVCC) and the supply equipment communications controller(SECC) performs the communication for the electric vehicle charging.

After the EV verifies the identity of the EVSE to ensure that the EVSEis a trusted facility approved by a trusted operator, the EV establishesa secure channel with the EVSE to protect communications from anunauthorized access. Such a communication security may be secured byTransport Layer Security (TLS) which is a standardized protocol definedin Request for Comments (RFC) 5246, Internet Engineering Task Force(IETF). A TLS session may be established by a TLS session establishmentprocedure after an establishment of an IP-based communicationconnection. The security of the TLS relies on an assumption of trust ofthe EV for a trusted operator to which the EVSE belongs.

FIG. 3 illustrates an overview of a certificate structure in a chargingsystem to which the present disclosure may be applied.

FIG. 3 visually depicts the certificate structure according to the ISO15118 standard.

As shown in FIG. 3, an original equipment manufacturer (OEM)provisioning certificate is independent from public key infrastructure(PKI) sets of secondary actors which is under a global root certificate.A root certificate (OEM root CA cert) for the OEM provisioningcertificate may be generated by an OEM itself. However, it is alsopossible to reuse a vehicle-to-grid (V2G) root certificate (V2G root CAcert) as a mobility operator root certificate (MO root CA cert) or theOEM root certificate (OEM root CA cert), as indicated by dashed lines.

According to the ISO 15118 standard, the V2G operator may issue adigital certificate to entities related with an EV charginginfrastructure. In particular, the V2G operator may set a V2G rootcertification authority (V2G root CA) to issue the self-signed rootcertificate (V2G Root CA cert) 500, and issue an intermediatecertificate (V2G Sub-CA cert) 510 to a V2G subordinate certificationauthority (V2G Sub-CA). The V2G subordinate certification authority (V2GSub-CA) may issue certificates for the EVSE or other subordinatecertification authorities (V2G Sub-CAs).

Referring to FIG. 3, there may be up to two intermediate certificates(V2G Sub-CA certs) between the V2G root certificate (V2G Root CA Cert)and an EVSE leaf certificate. The certificates from the EVSE leafcertificate to a last intermediate certificate (CPO Sub-CA1 cert) issuedby the V2G root CA may be referred to as a certificate chain for theEVSE. The certificate chain for the EVSE may include two certificates(EVSE leaf cert and CPO Sub-CA1 cert) or 3 certificates (EVSE leaf cert,CPO Sub-CA2 cert, and CPO Sub-CA1 cert). The certificates may be issuedalong the certificate chain, and the highest certificate in the chainmay be the root certificate issued by the V2G root CA.

To prove its identity, the EVSE may send its certificate chain to the EVduring a TLS handshaking process. Then, the EV validates the EVSE leafcertificate by verifying the signature of each certificate in the chainusing the public keys included in the certificates in the chain. If theEV is not equipped with the V2G root certificate issued by the V2G rootCA in advance, the EV cannot verify the signature of the lastcertificate in the chain. Therefore, the EV may have to maintain aseries of V2G root certificates issued by the trusted V2G operators astrust anchors.

The EV may store only a limited number of V2G root certificates in aconsideration of a burden of EV memory check. Further, once the EV issold out to an EV user, it is difficult to update the trust anchors.Accordingly, a situation may arises in which the EV user cannot chargethe EV at an EVSE which has a certificate issued by at least one trustedV2G operator. In particular, such a situation may cause an inconvenienceto the EV user when the EV moved into an area where there is no EVcharging infrastructure certified by the trusted V2G operator. The onlysolution to this problem available currently is to bring the EV to afactory and install a new set of trust anchors or replace the set oftrust anchors which the EV user needs in the new area. However, thismethod incurs a very high cost and is inconvenient and unreliable.

The present disclosure provides a cross certification method to solvethe problem.

Method of implementing the cross certification according to the presentdisclosure may include a cross certification between two V2G CAs, across certification between a V2G CA and an OEM CA, and a crosscertification using a separate cross certification broker, e.g. abridge-CA.

FIGS. 4A and 4B illustrate a concept of the cross certification betweenthe V2G root CAs according to an exemplary embodiment of the presentdisclosure.

As shown in FIG. 4A, if there is a cross certificate contract concludedbetween V2G operators, an EV trusting a certain V2G root CA may receivea charging service from an EVSE having a certificate issued by asubordinate CA of another V2G root CA. Also, as shown in FIG. 4B, an EVtrusting a certain V2G root CA may verify a certificate signed by acertificate provisioning service (CPS) of another V2G root CA. That is,the EV may validate the certificate issued by a subordinate CA ofanother V2G root CA.

FIG. 5 illustrates a concept of the cross certification between the V2Groot CA and the OEM root CA according to another exemplary embodiment ofthe present disclosure.

Referring to FIG. 5, a charge point operator (CPO) or the CPS may verifyan OEM certificate without the OEM root certificate when the crosscertification between the V2G root CA and the OEM root CA is used.

The cross certification according to the present disclosure enables theEV to validate the EVSE certificate chain even when the EVSE certificatechain is not issued by the V2G CAs trusted by the EV. In other words,even if the EVSE certificate chain ends with an intermediate certificateissued based on a V2G root certificate which is not maintained by theEV, the EVSE may prove that the certificate chain has been crosscertified by one of the V2G operators trusted by the EV, and the EV mayvalidate the certificate chain.

This is possible because, according to a validation process defined inthe RFC 5280, the verification may be successful as long as acertificate chain leads to a trusted V2G root certificate along asignature validation path.

FIG. 6 illustrates the cross certification method between the V2G rootCAs according to an exemplary embodiment of the present disclosure.

In the embodiment of FIG. 6, it is assumed that a SECC certificate chainincludes the SECC leaf certificate (i.e. EVSE leaf certificate), asecond intermediate certificate (Sub-CA 2 cert), and a firstintermediate certificate (Sub-CA 1 cert), and the first intermediatecertificate (Sub-CA 1 cert) has been signed by the V2G-A rootcertificate (denoted by ‘KRV2G root CA cert’ in FIG. 6).

Here, the first intermediate certificate (Sub-CA 1 cert) may be issuedto a charge point operator (CPO), and the V2G root certificate is issuedto itself by the V2G root CA. The SECC leaf certificate and the secondintermediate certificate (Sub-CA 2 cert) are issued by the CPO. Thefirst intermediate certificate (Sub-CA 1 cert) and the KOV2G rootcertificate are issued by the KOV2G root CA.

If the cross certification is not used in the system and the EV has aV2G-B root certificate (DE V2G root CA cert), the signature of theissuer of the first intermediate certificate (Sub-CA 1 cert) cannot beverified using the public key of the V2G-B root certificate.

If, however, a V2G-B root CA (DE V2G root CA) issues a cross certificate(cross cert; x-cert) for the V2G-A root CA (KRV2G root CA) and the crosscertificate is added to an end of the certificate chain, the EV cantrust the chain. More specifically, the EV may successfully trace andverify the SECC leaf certificate, the second intermediate certificate(Sub-CA 2 cert), the first intermediate certificate (Sub-CA 1 cert), thecross certificate (x-cert), and the V2G-B root certificate in that orderto trust the identity of the EVSE presenting the certificates under thetrusted V2G-B root certificate.

The EV trusting only the V2G-B PKI set may utilize the charginginfrastructure operated based on the V2G-A PKI set by using the crosscertification as follows.

First, the V2G-A operator may conclude a contract for the crosscertification with the V2G-B operator. Accordingly, the CPS of the V2G-Broot CA may issue a cross certificate (CrossB2A) by signing the publickey and the identification (ID) of the V2G-A root CA with a private keyof the V2G-B root CA. In this case, the expiration date of the crosscertificate (CrossB2A) may be set before the expiration dates of theV2G-A root certificate and the V2G-B root certificate whichever isearlier. The cross certificate (CrossB2A) generated as above may bedistributed to all the EVSEs under the V2G-A root CA.

Afterwards, when an EVSE under the V2G-A root CA meets an EV that trustsonly the V2G-B root CA, the EVSE may send the certificate chainincluding the cross certificate (CrossB2A) in a ServerHello message, forexample, during a transport layer security (TLS) handshake operation.Since the public key in the cross certificate (CrossB2A) is identical tothe public key in the V2G-A root certificate, the EV can successfullyverify the signature of the last intermediate certificate (Sub-CA 1cert) in the certificate chain with the cross certificate (CrossB2A).The EV can successfully complete the validation procedure by verifyingthat the cross certificate (CrossB2A) has been signed by the trustedV2G-B root CA.

FIG. 7 illustrates a certificate verification procedure in a systemadopting the cross certification between the V2G operators according toan exemplary embodiment of the present disclosure.

According to the embodiment shown in FIG. 7, the DE V2G operator and theKR V2G operator may conclude the cross certification contract, and theDE V2G root CA may issue the cross certificate (CrossB2A). The issuer ofthe cross certificate (CrossB2A) is “DE . . . DE V2G root CA” and thesubject of the cross certificate is “KR . . . KRV2G root CA”. Also, inthe embodiment shown in FIG. 7, the subject “KR . . . KRV2G root CA” ofthe cross certificate may be the same as the subject of another crosscertificate (KOV2G root CA cert).

FIGS. 8A and 8B show the cross certification method between the V2Goperators according to another embodiment of the present disclosure.

According to the present embodiment, the cross certificate may be issuedto the subordinate certification authorities (Sub-CA 1 or Sub-CA 2)rather than the root CA. FIG. 8A shows an example in which the crosscertificate is issued to the first subordinate CA (Sub-CA 1), and FIG.8B shows an example in which the cross certificate is issued to thesecond subordinate CA (Sub-CA 2).

This method enables to maintain the certificate chain length shorter.For example, the ISO 15118-2:2014 standard limits the certificate chainlength to three and the ISO 15118-20 standard which is currently underpreparation for establishment may limit the certificate chain length tofour. The cross certification method of the present embodiment mayfacilitate to meet the provisions of these standards by reducing thecertificate chain length by one or two.

Meanwhile, according to another embodiment of the present disclosure,the cross certification may be accomplished in multiple stages. Forexample, the V2G-A root certificate be cross-certified by the V2G-B rootCA, and the V2G-B root certificate may be cross-certified by a V2G-Croot CA. Such a multi-level cross certification may provide flexibilityand scalability of the interoperability between the V2G operators. Apossible application of this feature may be the cross certificationbroker. The cross certification broker may conclude contracts with aplurality of V2G operators to cross-certify each other. As a result, theinteroperability between the V2G operators associated with the crosscertification broker by respective contracts may be enhanced.

FIGS. 9A and 9B illustrate a concept of a cross certification using abridge CA according to another embodiment of the present disclosure.

Referring to FIG. 9A, when the cross certifications are required amongfour V2G CAs, for example, the cross certifications may be accomplishedthrough a separate bridge CA instead of individual cross certificationsbetween all the possible pairs among the V2G CAs. The bridge CA mayenhance the interoperability between the V2G CAs and the scalability inan environment where more V2G CAs may be added.

FIG. 9B shows that a roaming service may be available in a system wherea simple PnC scheme is applied by use of the bridge CA.

FIG. 10 is a flowchart showing the cross certification method for EVcharging according to an exemplary embodiment of the present disclosure.

The cross certification method shown in FIG. 10 may be performed by theEV that needs to be supplied with electric power from the EVSE operatedby a charge point operator (CPO) having a contractual relationship withthe first V2G root CA. In this case, it is assumed that the EV has atrust relationship with the second V2G root CA. In particular, theoperator of the first V2G root CA may conclude a certification contractwith the operator of the second V2G root CA directly or through anintermediating device.

First, the EV that needs charging may request charging from the chargepoint operator (S1010). The charge point operator may include the EVSE.A charging request may include a certificate installation request(CertificateInstallationReq) message, and an element ‘ListOfRootCertIDs’for the root certificate ID list in the CertificateInstallationReqmessage may be set to “[(V2G1, <serial>)]”.

The EV may receive a certificate chain maintained by the charge pointoperator from the charge point operator as a response to the chargingrequest (S1020). The certificate chain may be a CPS certificate chainand may be included in a certificate installation response(CertificateInstallationRes) message.

Upon receiving the certificate chain, the EV may verify whether the lastintermediate certificate in the certificate chain has been signed by thesecond V2G root CA (S1030). More specifically, the EV may check whetherthe cross certificate was signed by the second V2G root CA. That is, thelast intermediate certificate in the certificate chain may be the crosscertificate issued by the second V2G root CA.

The public key in the cross certificate may coincide with a public keycorresponding to a private key used to issue the last certificate exceptfor the cross certificate in the certificate chain. The certificationauthority having issued the last certificate other than the crosscertificate in the certificate chain may be the first V2G root CA or theCPO.

The second V2G root CA may directly issue the cross certificate for thefirst V2G root CA by itself. Alternatively, the second V2G root CA mayindirectly issue the cross certificate for the first V2G root CA viaanother device such as the other V2G root CA or the intermediatingdevice.

FIG. 11 is a flowchart showing a power transfer method according to anexemplary embodiment of the present disclosure.

The power transfer method shown in FIG. 11 may be performed by a serveroperated by the charge point operator (CPO) having a trust relationshipwith the first V2G root CA or an individual EVSE operated by the CPO.However, the subject performing the method is indicated by the CPO inthe following description for the sake of convenience in thedescription.

When the CPO having established a trust relationship with the first V2Groute CA receives a charging request from the EV that trusts the secondV2G route CA (S1110), the CPO may provide the certificate chainmaintained therein to the EV (S1120). At this time, the CPO may send thecertificate chain by including the certificate chain in the ServerHellomessage during the TLS handshake operation.

After the EV completes the verification of the certificate chain, theCPO may receive a verification result for the certificate chain from theEV (S1130).

Finally, the CPO may supply electric power to the EV depending on theverification result (S1140).

Here, the last certificate in the certificate chain may be the crosscertificate issued by the second V2G root CA.

The public key in the cross certificate may coincide with a public keycorresponding to a private key used to issue the last certificate exceptfor the cross certificate in the certificate chain. The certificationauthority having issued the last certificate other than the crosscertificate in the certificate chain may be the first V2G root CA or theCPO.

The second V2G root CA may directly issue the cross certificate for thefirst V2G root CA by itself. Alternatively, the second V2G root CA mayindirectly issue the cross certificate for the first V2G root CA viaanother device such as the other V2G root CA or the intermediatingdevice.

FIG. 12 is a block diagram of a cross certification apparatus accordingto an exemplary embodiment of the present disclosure.

The cross certification apparatus shown in FIG. 12 may be implemented inthe EV that needs to receive electric power from the EVSE associatedwith the CPO having established a trust relationship with the first V2Groot CA. It is assumed that the EV has established a trust relationshipwith the second V2G root CA.

The cross certification apparatus 100 may include at least one processor110, a memory 120 for storing at least one program instruction to beexecuted by the processor 110, and a data transceiver 130 configure toperform communications through a network.

The processor 110 may execute program instructions stored in the memory120. The processor 110 may include a central processing unit (CPU) or agraphics processing unit (GPU), or may be implemented by another kind ofdedicated processor suitable for performing the methods of the presentdisclosure. The memory 120 may include, for example, a volatile memorysuch as a read only memory (ROM) and a nonvolatile memory such as arandom access memory (RAM).

The data transceiver 130 may include an EVCC communicating with the SECCof the EVSE provided by the CPO.

The at least one program instructions may include: instructionsconfigured to request charging from the EVSE; instructions configured toreceive a certificate chain maintained by the EVSE from the EVSE; andinstructions configured to verify whether the last certificate in thecertificate chain has been signed by the second V2G root CA.

The last certificate in the certificate chain may be the crosscertificate issued by the second V2G root CA.

The public key in the cross certificate may coincide with a public keycorresponding to a private key used to issue the last certificate exceptfor the cross certificate in the certificate chain. The certificationauthority having issued the last certificate other than the crosscertificate in the certificate chain may be the first V2G root CA or theCPO.

The second V2G root CA may directly issue the cross certificate for thefirst V2G root CA by itself. Alternatively, the second V2G root CA mayindirectly issue the cross certificate via another device such as theother V2G root CA or the intermediating device.

The cross certification method of the present disclosure described abovebased on exemplary embodiments enables to manage the trusts flexibly inthe EV charging network or system.

The apparatus and method according to exemplary embodiments of thepresent disclosure may be implemented by computer-readable program codesor instructions stored on a non-transitory computer-readable recordingmedium. The non-transitory computer-readable recording medium includesall types of recording media storing data readable by a non-transitorycomputer system. The computer-readable recording medium may bedistributed over computer systems connected through a network so that acomputer-readable program or code may be stored and executed in adistributed manner.

The non-transitory computer-readable recording medium may include ahardware device specially configured to store and execute programcommands, such as ROM, RAM, and flash memory. The program commands mayinclude not only machine language codes such as those produced by acompiler, but also high-level language codes executable by a computerusing an interpreter or the like.

Some aspects of the present disclosure have been described above in thecontext of a device but may be described using a method correspondingthereto. In particular, blocks or the device corresponds to operationsof the method or characteristics of the operations of the method.Similarly, aspects of the present disclosure described above in thecontext of a method may be described using blocks or items correspondingthereto or characteristics of a device corresponding thereto. Some orall of the operations of the method may be performed, for example, by(or using) a hardware device such as a microprocessor, a programmablecomputer or an electronic circuit. In some exemplary embodiments, atleast one of most important operations of the method may be performed bysuch a device.

In some exemplary embodiments, a programmable logic device such as afield-programmable gate array may be used to perform some or all offunctions of the methods described herein. In some exemplaryembodiments, the field-programmable gate array may be operated with amicroprocessor to perform one of the methods described herein. Ingeneral, the methods of the present disclosure are preferably performedby a certain hardware device.

The description of the disclosure is merely exemplary in nature and,thus, variations that do not depart from the substance of the disclosureare intended to be within the scope of the disclosure. Such variationsare not to be regarded as a departure from the spirit and scope of thedisclosure. Thus, it will be understood by those of ordinary skill inthe art that various changes in form and details may be made withoutdeparting from the spirit and scope as defined by the following claims.

What is claimed is:
 1. A cross certification method performed by anelectric vehicle (EV) for being supplied with electric power from anelectric vehicle supply equipment (EVSE) associated with a charge pointoperator (CPO) having established a trust relationship with a firstvehicle-to-grid (V2G) root certificate authority (CA) and a second V2Groot CA, the cross certification method comprising: requesting chargingfrom the EVSE; receiving, from the EVSE, a certificate chain maintainedby the EVSE; and verifying that a last certificate in the certificatechain has been signed by the second V2G root CA.
 2. The crosscertification method of claim 1, wherein the last certificate in thecertificate chain is a cross certificate issued by the second V2G rootCA.
 3. The cross certification method of claim 2, wherein a public keyin the cross certificate coincides with a public key corresponding to aprivate key used to issue the last certificate excluding the crosscertificate in the certificate chain.
 4. The cross certification methodof claim 2, wherein the last certificate excluding the cross certificatein the certificate chain was issued by the first V2G root CA or the CPO.5. The cross certification method of claim 2, wherein the second V2Groot CA directly issues the cross certificate for the first V2G root CAby itself.
 6. The cross certification method of claim 2, wherein thesecond V2G root CA issues the cross certificate for the first V2G rootCA via a cross certification intermediating device.
 7. The crosscertification method of claim 2, wherein an expiration date of the crosscertificate is set before expiration dates of a first V2G rootcertificate and a second V2G root certificate whichever is earlier. 8.The cross certification method of claim 2, wherein a public key and anidentification (ID) in a certificate issued by the first V2G root CA aresigned by using a private key corresponding to the cross certificate. 9.The cross certification method of claim 2, wherein a public key and anidentification (ID) in a CPO subordinate CA certificate are signed byusing a private key corresponding to the cross certificate.
 10. A powertransfer method performed by an electric vehicle supply equipment (EVSE)associated with a charge point operator (CPO) having established a trustrelationship with a first vehicle-to-grid (V2G) root certificateauthority (CA), the power transfer method comprising: receiving acharging request from an electric vehicle (EV) trusting a second V2Groot CA; providing a certificate chain maintained by the EVSE to the EVin response to the charging request; receiving a verification result forthe certificate chain from the EV; and supplying electric power to theEV depending on the verification result.
 11. The power transfer methodof claim 10, wherein a last certificate in the certificate chain is across certificate issued by the second V2G root CA.
 12. The powertransfer method of claim 10, wherein a last certificate in thecertificate chain is signed by the second V2G root CA.
 13. The powertransfer method of claim 11, wherein a public key in the crosscertificate coincides with a public key corresponding to a private keyused to issue the last certificate excluding the cross certificate inthe certificate chain.
 14. The power transfer method of claim 11,wherein the last certificate excluding the cross certificate in thecertificate chain was issued by the first V2G root CA or the CPO. 15.The power transfer method of claim 11, wherein the second V2G root CAdirectly issues the cross certificate for the first V2G root CA byitself.
 16. The power transfer method of claim 11, wherein the secondV2G root CA issues the cross certificate for the first V2G root CA via across certification intermediating device.
 17. The power transfer methodof claim 10, wherein the certificate chain is sent to the EV in aServerHello message during a transport layer security (TLS) handshakeoperation.
 18. The power transfer method of claim 11, wherein a publickey and an identification (ID) in a certificate issued by the first V2Groot CA are signed by using a private key corresponding to the crosscertificate.
 19. The power transfer method of claim 11, wherein a publickey and an identification (ID) in a CPO subordinate CA certificate aresigned by using a private key corresponding to the cross certificate.20. A cross certification apparatus of an electric vehicle (EV) forbeing supplied with electric power from an electric vehicle supplyequipment (EVSE) associated with a charge point operator (CPO) havingestablished a trust relationship with a first vehicle-to-grid (V2G) rootcertificate authority (CA) and trusts a second V2G root CA, comprising:a processor; and a memory storing at least one instruction to beexecuted by the processor, wherein the at least one instruction, whenexecuted by the processor, causes the processor to: request chargingfrom the EVSE; receive, from the EVSE, a certificate chain maintained bythe EVSE; and verify that a last certificate in the certificate chainhas been signed by the second V2G root CA.
 21. The cross certificationapparatus of claim 20, wherein the last certificate in the certificatechain is a cross certificate issued by the second V2G root CA.
 22. Thecross certification apparatus of claim 21, wherein a public key in thecross certificate coincides with a public key corresponding to a privatekey used to issue a last certificate excluding the cross certificate inthe certificate chain.
 23. The cross certification apparatus of claim21, wherein the last certificate excluding the cross certificate in thecertificate chain was issued by the first V2G root CA or the CPO. 24.The cross certification apparatus of claim 21, wherein the second V2Groot CA directly issues the cross certificate for the first V2G root CAby itself.
 25. The cross certification apparatus of claim 21, whereinthe second V2G root CA issues the cross certificate for the first V2Groot CA via a cross certification intermediating device.